Malware
Apr 21, 2026
#SEOPoisoning seen delivering #LummaStealer via fake YubiKey pages. The attack chain utilizes DLL...
SEO poisoning campaign distributes LummaStealer via counterfeit YubiKey pages.
Summary
Attackers are using SEO poisoning to rank malicious pages impersonating YubiKey, distributing the LummaStealer infostealer. The attack chain employs DLL sideloading, PowerShell defense evasion, and an obfuscated AutoIt loader to inject the stealer directly into memory. The campaign targets users searching for legitimate hardware security keys and credential management.
Indicators of Compromise
- malware — LummaStealer
- mitre_attack — T1574.002
- mitre_attack — T1059.001
- mitre_attack — T1055
Entities
- YubiKey (product)
- AutoIt (technology)
- PowerShell (technology)